Job Summary
The GRC Security Specialist will utilize a wide range of risk-based methodologies to independently perform intermediate to advanced analysis, validation, and reporting on a broad range of interdependent cybersecurity risks. Additionally, the Specialist will:
- Lead the annual cyber risk assessment and maintain the cyber risk register.
- Participate in local information security awareness initiatives in partnership with the global security awareness team, including annual Farmers security awareness training, IT manager/privileged user training, business unit security champions, security awareness communications, phishing campaigns, cyber security awareness month, and other security awareness initiatives as needed.
- Lead the annual security policy review and the creation of net new security policies as needed.
- Partner with the cloud security team to develop and implement a cloud security governance framework, policies, and procedures.
- Document agendas and minutes for various security steering committees.
- Support documentation of NIST Cybersecurity Framework controls.
- Serve as a security risk and compliance subject matter expert by advising business and IT teams as needed, as well as by partnering with various assurance teams.
Essential Job Functions
- Identify, assess, document, and articulate various types of data security and data privacy risks, as well as appropriate countermeasures and controls to address data security and data privacy concerns.
- Lead and conduct annual cyber risk assessment.
- Create and maintain the cyber risk register.
- Identify opportunities to proactively mitigate moderate to major risks by partnering with the cyber security, cloud security, application security, and security engineering teams.
- Design and evaluate policies and processes to ensure legal and regulatory security compliance requirements are met.
- Interpret irregular and indeterminate patterns of noncompliance to determine their impact on levels of risk and overall effectiveness of the enterprise’s cybersecurity program.
- Utilize security reporting data to recommend creative solutions or policy changes.
- Participate in audits of cyber programs and projects. Demonstrate ownership of assigned audit actions or regulator requests by diligently providing responses and evidence within established timeframes.
- Build and maintain relationships with a wide network of business and IT stakeholders. Participate in cross-functional projects that incorporate local and global teams.
- Demonstrate the value of information technology (IT) security throughout all levels of the organization. Influence business and IT teams to create innovative and sophisticated solutions to complex problems.
- Create, review, and update security policies, procedures, standards and guidelines.
- Act as a security risk and compliance SME for IT groups seeking intermediate to advanced security input.
- Lead creation of milestones and timelines for assigned security projects/initiatives.
- Demonstrate ownership of assigned projects from initiation to completion by employing precision, analytical skills, and strong attention to detail.
- Perform other duties as assigned.
Physical Actions
Sits or stands for extended periods of time, up to a full work shift. Occasionally reaches overhead and below the knees, including bending, twisting, pulling, and stooping. Occasionally moves, lifts, carries, and places objects and supplies weighing 0-10 pounds without assistance. Listens to, interprets, and differentiates auditory information (e.g. others speaking) at normal speaking levels with or without correction. Visually verifies and reads information. Visually locates material, resources and other objects. Ability to continuously operate a computer for extended periods of time, up to a full work shift. Physical dexterity sufficient to use hands, arms, and shoulders repetitively to operate keyboard and other office equipment up to a full work shift.
Physical Environment
This position operates in an open office working environment which will include normal and customary distractions, noise, and interruptions.
Education Requirements
High school diploma or equivalent required. Bachelor's degree in Information Systems or related discipline preferred.
Experience Requirements
- 3-7 years of experience in governance, risk management, and compliance; external/internal auditing; or an advisory consulting firm.
- Strong familiarity with governance and controls frameworks, such as COBIT, COSO, ITIL, NIST, and ISO.
- Solid experience in documenting controls, policies, reports, presentations, agendas, and meeting minutes.
- Solid understanding of assessing IT or security risk in an enterprise-level environment.
- Strong project management, time management, presentation, and organizational skills.
- PC skills and hands-on experience building tools and presentations with Microsoft Word, Excel, PowerPoint, Project, and Access.